On Mar 11, 2015, at 9:03 AM, Erik Weber <terbol...@gmail.com> wrote:
> On Tue, Mar 10, 2015 at 5:27 PM, Wido den Hollander <w...@widodh.nl> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 03/10/2015 04:56 PM, David Nalley wrote: >>> So 4.5.0 has shipped - it's been propogated to hundreds of >>> mirrors, and undoing that is not trivial. IMO, we should patch, and >>> kick out another RC for 4.5.1 (or 4.5.0.1 I suppose) >>> >>> Version numbers are cheap to increment. >>> >> > >> But shall we stay away from building packages then? 4.5.0 will simply >> not be released in DEB or RPM format. >> >> > Is there anything that prevents us from releasing the 4.5.0 packages with > the patch? We don't want to do this. 4.5.0 is an official source release of cloudstack. That means that it has been voted. By voting we actually transfer the liability to the ASF not the individuals. The way I understand it, if someone ever wanted to sue cloudstack, they would sue the ASF not us. That's also why a package is not an official artifacts of our release process. The system is working well here, we identify a critical bug, unfortunately after voting 4.5.0. But 4.5.0 is not bug free anyway. Nothing prevents us from shipping 4.5.1 quickly , we just need to make sure that folks who might be affected by the bug don't get onto 4.5.0 or have an upgrade path. > > > -- > Erik
